ó O'—^c@@s‚dZddlmZmZddlZddlmZddlmZddl m Z dd l m Z d efd „ƒYZ dS( uš oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ This module is an implementation of various logic needed for consuming and providing OAuth 2.0 RFC6749. i(tabsolute_importtunicode_literalsN(t to_unicodei(tClienti(tprepare_token_request(tparse_token_responsetServiceApplicationClientc B@sMeZdZdZddddd„Zdddddddddd„ ZRS(uçA public client utilizing the JWT bearer grant. JWT bearer tokes can be used to request an access token when a client wishes to utilize an existing trust relationship, expressed through the semantics of (and digital signature or keyed message digest calculated over) the JWT, without a direct user approval step at the authorization server. This grant type does not involve an authorization step. It may be used by both public and confidential clients. u+urn:ietf:params:oauth:grant-type:jwt-bearercK@sAtt|ƒj||||_||_||_||_dS(ubInitalize a JWT client with defaults for implicit use later. :param client_id: Client identifier given by the OAuth provider upon registration. :param private_key: Private key used for signing and encrypting. Must be given as a string. :param subject: The principal that is the subject of the JWT, i.e. which user is the token requested on behalf of. For example, ``foo@example.com. :param issuer: The JWT MUST contain an "iss" (issuer) claim that contains a unique identifier for the entity that issued the JWT. For example, ``your-client@provider.com``. :param audience: A value identifying the authorization server as an intended audience, e.g. ``https://provider.com/oauth2/token``. :param kwargs: Additional arguments to pass to base client, such as state and token. See Client.__init__.__doc__ for details. N(tsuperRt__init__t private_keytsubjecttissuertaudience(tselft client_idR R R R tkwargs((sU/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/clients/service_application.pyR#s    uc  K@sjddl} |p|j} | s0tdƒ‚ni|p?|jd6|pO|jd6|p_|jd6t|pytjƒdƒd6t|p’tjƒƒd 6} x1dD])}| |dkr£td |ƒ‚q£q£Wd | krò| jd ƒ| d An encryption key must be supplied to make JWT token requests.uissuaudusubiuexpuiatu)Claim must include %s but none was given.u not_beforeunbfujwt_idujtiuRS256tbodyt assertiontscope(uissuaudusub( tjwtR t ValueErrorR tintttimetNonetpoptupdatetencodeRRt grant_type(R R R R R t expires_att issued_att extra_claimsRRRRtkeytclaimtattrR((sU/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/clients/service_application.pytprepare_request_bodyCs4K      N(t__name__t __module__t__doc__RRRR"(((sU/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/clients/service_application.pyRs   ( R%t __future__RRRtoauthlib.commonRtbaseRt parametersRRR(((sU/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/clients/service_application.pyts